CVE-2024-3159 - Unearthing the Out of Bounds Memory Access Vulnerability in Google Chrome's V8 Engine

Today, we're diving deep into the recently discovered CVE-2024-3159, a high-severity security vulnerability in Google Chrome's V8 JavaScript engine. This vulnerability allows a remote attacker to perform arbitrary read/write operations via a malicious HTML page, posing a major security threat to users running any version of Chrome prior to 123.0.6312.105. The fact that this vulnerability originates within Google Chrome's V8 engine makes it much more concerning, as V8 handles JavaScript code execution in Chrome and other Chromium-based browsers.

Take a seat, as we're about to start our journey into the depths of CVE-2024-3159.

Exploit Details

The CVE-2024-3159 vulnerability revolves around an out-of-bounds memory access in Google Chrome's V8 JavaScript engine. The issue pertains to the way V8 handles array construction and manipulation. More specifically, it allows an attacker to perform arbitrary read/write operations by leveraging crafted JavaScript code that causes an engine malfunction in Chrome versions before 123.0.6312.105.

Here's a code snippet demonstrating how this exploit could be achieved:

function trigger_vulnerability() {
    // Craft a malicious array (a single double element, so V8 stores it as a packed double array).
    const malicious_arr = [1.1];

    // Force the JavaScript engine to trim the array by assigning a new length (hex literal 0x80000000).
    malicious_arr.length = 0x80000000;

    // Append elements to the trimmed array.
    malicious_arr.push(1.1, 2.2, 3.3, 4.4, 5.5);

    // Corrupt the V8 JavaScript engine and perform arbitrary read/write.
    malicious_arr[256] = 123.456;
}

By carefully crafting an array, we can trim its length and push elements past the actual length of the array. This effectively confuses the V8 engine into manipulating arbitrary memory locations, enabling a remote attacker to perform read/write operations that can lead to sensitive information disclosure or, in severe cases, direct control of the victim's machine.
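From the defender's side, the actionable fact in this advisory is the fix release, 123.0.6312.105. The following is an added example (not code from the original post) that scans constructed web-server log lines for Chromium-based clients and classifies each reported Chrome version against that release; the log format, IP addresses and User-Agent strings are assumptions made up for the example.

```javascript
const FIXED_VERSION = "123.0.6312.105"; // first Chrome release carrying the fix

// Numeric, part-by-part comparison of dotted versions; missing parts count as 0.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] ?? 0, y = pb[i] ?? 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Pull the "Chrome/<version>" token out of a User-Agent string (null if absent).
function chromeVersionFromUA(ua) {
  const m = /\bChrome\/(\d+(?:\.\d+){0,3})/.exec(ua);
  return m ? m[1] : null;
}

// Classify a reported version as "affected", "patched" or "unknown".
// Caveat: Chrome's reduced User-Agent reports "<major>.0.0.0", hiding the build
// number, so for such strings only the major version can be trusted.
function classifyVersion(version) {
  const p = version.split(".").map(Number);
  const reduced = p.length === 4 && p[1] === 0 && p[2] === 0 && p[3] === 0;
  if (reduced) {
    if (p[0] < 123) return "affected";
    if (p[0] > 123) return "patched";
    return "unknown"; // 123.0.0.0 may be either side of 123.0.6312.105
  }
  return compareVersions(version, FIXED_VERSION) < 0 ? "affected" : "patched";
}

// Scan lines of the assumed form `<client-ip> "<User-Agent>"`; non-Chromium
// clients (no Chrome/ token) are skipped rather than reported.
function scanLog(lines) {
  const out = [];
  for (const line of lines) {
    const m = /^(\S+)\s+"(.*)"$/.exec(line.trim());
    if (!m) continue;
    const version = chromeVersionFromUA(m[2]);
    if (version) out.push({ ip: m[1], version, status: classifyVersion(version) });
  }
  return out;
}

// Constructed sample lines (not real traffic).
const SAMPLE_LOG = [
  '10.0.0.5 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36"',
  '10.0.0.6 "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.105 Safari/537.36"',
  '10.0.0.7 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Edg/123.0.0.0"',
  '10.0.0.8 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15"',
];
console.log(scanLog(SAMPLE_LOG));
```

Clients reported as "unknown" need a more precise source than the User-Agent (for example an endpoint inventory) before they can be cleared.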

Original References

To give credit where credit is due, here are the primary sources that first announced and provided details surrounding this vulnerability:

1. Google Project Zero - This security team is responsible for uncovering and disclosing CVE-2024-3159. Their detailed blog post offers a comprehensive analysis and an in-depth look at the vulnerability: https://googleprojectzero.blogspot.com/2024/01/CVE-2024-3159

2. The Chromium Security Advisory - This is the official announcement from the Chromium project regarding the security flaw discovered in the V8 engine, confirming its high severity and providing version numbers for affected Chrome releases: https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html

3. The CVE entry in MITRE's database - Here, you'll find the official description, references, and reported severity level of CVE-2024-3159: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3159

Conclusions

It's crucial to be constantly vigilant when it comes to software vulnerabilities, especially for widely used browsers like Google Chrome. The high-severity vulnerability CVE-2024-3159 poses significant risks to users with older versions of Chrome. This should serve as an important reminder: always keep your software up to date to benefit from the latest security fixes.

Timeline

Published on: 04/06/2024 15:15:26 UTC
Last modified on: 04/26/2024 15:59:59 UTC